Bug#1068818: sngrep: CVE-2024-3119 CVE-2024-3120

Moritz Mühlenhoff jmm at inutil.org
Thu Apr 11 16:41:40 BST 2024


Source: sngrep
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for sngrep.

CVE-2024-3119[0]:
| A buffer overflow vulnerability exists in all versions of sngrep
| since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID'
| SIP headers. The functions sip_get_callid and sip_get_xcallid in
| sip.c use the strncpy function to copy header contents into fixed-
| size buffers without checking the data length. This flaw allows
| remote attackers to execute arbitrary code or cause a denial of
| service (DoS) through specially crafted SIP messages.

https://github.com/irontec/sngrep/commit/dd5fec92730562af6f96891291cd4e102b80bfcc (v1.8.1)

CVE-2024-3120[1]:
| A stack-buffer overflow vulnerability exists in all versions of
| sngrep since v1.4.1. The flaw is due to inadequate bounds checking
| when copying 'Content-Length' and 'Warning' headers into fixed-size
| buffers in the sip_validate_packet and sip_parse_extra_headers
| functions within src/sip.c. This vulnerability allows remote
| attackers to execute arbitrary code or cause a denial of service
| (DoS) via crafted SIP messages.

https://github.com/irontec/sngrep/commit/f3f8ed8ef38748e6d61044b39b0dabd7e37c6809 (v1.8.1)

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3119
    https://www.cve.org/CVERecord?id=CVE-2024-3119
[1] https://security-tracker.debian.org/tracker/CVE-2024-3120
    https://www.cve.org/CVERecord?id=CVE-2024-3120

Please adjust the affected versions in the BTS as needed.



More information about the Pkg-voip-maintainers mailing list